In K8s 1.15 and older it is not yet possible to disable kube-proxy via --skip-phases=addon/kube-proxy
in kubeadm, therefore the below workaround for manually removing the kube-proxy DaemonSet and
cleaning the corresponding iptables rules after kubeadm initialization is still necessary (kubeadm#1733).

Initialize control-plane as first step:

kubeadminit--pod-network-cidr=10.217.0.0/16

Then delete the kube-proxy DaemonSet and remove its iptables rules as following:

Install Helm to prepare generating
the deployment artifacts based on the Helm templates.

Next, generate the required YAML files and deploy them. Replace $API_SERVER_IP
and $API_SERVER_PORT with the control-plane node IP address and the kube-apiserver
port number reported by kubeadminit (usually it is 6443).

This will install Cilium as a CNI plugin with the BPF kube-proxy replacement.
See Kubernetes NodePort (beta) for requirements and configuration options for NodePort
services.

Note

Currently, in the kube-proxy-free setup, Cilium will connect to only one
kube-apiserver specified by k8sServiceHost:k8sServicePort. This is not
ideal in a multi-control-plane node setup. The upcoming Cilium release will
allow to connect to multiple nodes (GH#9018).